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REMARKS 

Applicant appreciates the Examiner's thorough examination of the subject application 
and requests reexamination and reconsideration of the subject application in view of the 
preceding amendments and the following remarks. Applicant has carefully reviewed and 
considered the Office Action mailed on June 11, 2007, and the references cited therewith. 
Reconsideration and allowance of the subject application, as amended, are respectfully requested. 

Claims 1-6, 8-13, 15 and 16 are pending in this application. As of this amendment, 
claims 1, 9 and 16 have been amended. 

Claims 1-3, 9 and 10 stand rejected under 35 USC 103(a) as being unpatentable over 
Vairavan (US Pub. No. 2002/0083344) in view of Chopra et al (US Pat. No. 6,631,466) in view 
of Hui et al (US Pub. No. 2004/0010712) and in view of Canion et al (US Pat. No. 
2002/0108059). Applicant respectfully traverses this rejection in light of the preceding 
amendments and foregoing remarks. 

Applicant's newly amended claim 1 is provided below for the Examiner's convenience. 



1. (Currently Amended): An integrated firewall/VPN system, comprising: 

at least one wide area network (WAN); 
at least one local area network (LAN); and 

an integrated firewall/VPN chipset configured to send and receive data packets 
between said WAN and said LAX, said cliipset comprising: 

a firewall comprising a first layer including a header match packet filtering 
engine configured to provide pattern matching in selected headers of data, a second layer 
including a contents match packet filtering engine configured to analyze the scope of at 
least one data packet, a third layer including at least one application proxy configured to 
provide additional pattern matching using a hardware engine configured to provide pre- 
analysis processing to reduce the workload of a central processing unit (CPU) and a fourth 
layer including a session match engine configured to store a TCPAJDP connection setup in 
a look-up-table and to forward the seaip progress to said_CPU for tracking; 

a VPN configured to provide security functions for data between said LAN 
and said WAN, wherein said security functions are selected from the group consisting of 
encryption, decryption, encapsulation, and decapsulation of said data packets , said VPN 
including a VPN packet buffer configured to receive at least one of said data packets and to 
forward said at least one data packet to an inbound VPN processor configured to decrypt 
and decapsulate said at least one data packet, said VPN further including an inbound 
security database having a database of tunnels configured to provide said inbound VPN 
processor with tunnel information used to decrypt and decapsulate said at least one data 
packet, said VPN further including protocol instructions having microcodes configured to 
instruct said VPN processor to decrypt and decapsulate said at least one data packet 
according to a user-defined security procedure: and 
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an interface configured to determine if said data packets are plain text or 
cipher text, said interface fiirther configured to forward a preselected number of bytes to 
said firewall if said data packets are plain text, said interface further configured to forward 
said data packets to said VPN if said data packets are cipher text . (Emphasis Added). 

Thus, Applicant's claim 1 now recites an integrated VPN/firewall chipset including "a 
third layer including at least one application proxy configured to provide additional pattern 
matching using a hardware engine configured to provide pre-analysis processing to reduce the 
workload of a central processing unit (CPU) and a fourth layer including a session match engine 
configured to store a TCP/UDP connection setup in a look-up-table and to forward the setup 
progress to said CPU for tracking." As discussed in the subject application, the firewall may 
utilize pre-analysis processing "to analyze the preselected data instead of having to operate on the 
entire data packet." Subject application, para. [0022]. In this way, the speed and overall 
efficiency of the firewall may be increased. 

Moreover, claim 1 has been further amended to provide further detail to the VPN. For 
example, claim 1 now recites "said VPN including a VPN packet buffer configured to receive at 
least one of said data packets and to forward said at least one data packet to an inbound VPN 
processor configured to decrypt and decapsulate said at least one data packet , said VPN further 
including an inbound security database having a database of tunnels configured to provide said 
inbound VPN processor with tunnel information used to decrypt and decapsulate said at least one 
data packet, said VPN further including protocol instructions having microcodes configured to 
instruct said VPN processor to decrypt and decapsulate said at least one data packet according to 
a user-defined security procedure ." Applicant is unable to find reference to a VPN having this 
configuration in any of the cited references. 

Claim 1 has been further amended to recite an integrated VPN/firewall chipset including 
"an interface configured to determine if said data packets are plain text or cipher text, said 
interface further configured to forward a preselected number of bytes to said firewall if said data 
packets are plain text , said interface further configured to forward said data packets to said VPN 
if said data packets are cipher text." As discussed above, this pre-processing may increase the 
speed and overall efficiency of the firewall. 
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Applicant is unable to find reference to an integrated VPN/firewall system , which 
includes each and every limitation of Applicant's newly amended claim 1 in either Vairavan, 
Chopra, Hui, or Canion. Therefore, Applicant respectfully submits that newly amended 
independent claim 1 is in condition for allowance. 

Claims 9 and 16 have been amended to include similar limitations and are also believed 
to be in condition for allowance. Since claims 2-6, 8, 10-13, and 15 depend either directly or 
indirectly from Applicant's newly amended independent claims 1, 9 and 16, Applicant contends 
that these claims are in condition for allowance as well. 

Having dealt with all the objections raised by the Examiner, it is respectfully submitted 
that the present application, as amended, is in condition for allowance. Thus, early £illow£ince is 
earnestly solicited. 

If the Examiner desires personal contact for further disposition of this case, the Examiner 
is invited to call the undersigned Attorney at 603.668.6560. 

In the event there are any fees due, please charge them to our Deposit Account No. 50- 

2121. 

Respectfully submitted, 
Jyshyang Chen 

By his Representatives, 

Grossman, Tucker, Perreault & Pfleger, PLLC 
55 South Commercial Street 
Manchester, NH 03101 
603-668-6560 



By: /Edmund P. Pfleger/ 
Edmund P. Pfleger 
Reg. No. 41,252 



